1. Field of the Invention
The present invention relates to wager gaming networks and underlying data security infrastructure. More specifically, it relates to creating, distributing, and managing certificates for enabling secure communication of data among components in a gaming network.
2. Description of the Related Art
Gaming regulators generally require that communication channels between gaming machines and other components, such as communication servers, in a gaming network be as secure as currently available technologies allow. One of the more secure modes of communication in a network is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS), which may be utilized in gaming networks. However, in order to implement SSL, certificates may need to be distributed to the end points in a network, namely gaming machines, devices, and servers.
One method of providing gaming machines with certificates, containing various data such as a machine's public key, is to electronically transmit the certificate over a server-based gaming network using Simple Certificate Enrollment Protocol (SCEP). However, issuing a certificate to a legitimate machine from the certificate authority over a network requires the use of passwords to authenticate the machine. The number of passwords needed may be directly proportional to the number of actual gaming machines and devices receiving new certificates. In other embodiments, the same password may be used for all machines. Managing even a few passwords, known to various, albeit trusted, casino employees requires diligence and reliance on those employees not to reveal the passwords, whether deliberately or accidentally, to unauthorized parties. Managing hundreds or thousands of passwords in a large casino environment is likely to be a persistent security risk in the network and verges on being unworkable. On the other hand, having only one password for all machines raises the ominous prospect that the entire security scheme for a gaming network may be compromised if that one password is leaked. In one scenario, a password is entered into a gaming machine by a casino floor operator and is used to authenticate the machine to a certificate authority server over a network. The same password is used for all gaming machines in the network or in a section of the casino floor, placing paramount importance on that password. If the password is compromised, the security of all gaming machines in the network may be compromised. It is generally known in the computer and network security fields that passwords are often the weakest link in a security infrastructure and are the most vulnerable aspect of a security scheme.
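The two enrollment models described above can be contrasted in a small simulation. The following is an added example, not part of the patent text: it models a SCEP-style certificate authority with a constructed, HMAC-based "certificate" format (a real CA would issue X.509 certificates with an asymmetric signature), and compares per-device one-time challenge passwords against a single shared enrollment password. Device identifiers such as `egm-0001` and the password values are constructed for the example.

```python
import hashlib
import hmac
import json
import secrets


def _digest(challenge: str) -> bytes:
    """Hash a challenge password so the CA never stores it in the clear."""
    return hashlib.sha256(challenge.encode()).digest()


class ToyCA:
    """Constructed stand-in for a SCEP certificate authority.

    'Certificates' are JSON bodies authenticated with an HMAC under the CA key
    so the example runs offline; a real CA would emit signed X.509 certificates.
    Each device gets its own one-time challenge password, bound to its id.
    """

    def __init__(self):
        self._ca_key = secrets.token_bytes(32)
        self._pending = []   # list of (sha256(challenge), device_id) awaiting use
        self._serial = 0

    def pre_register(self, device_id: str) -> str:
        """An operator registers one machine and receives a one-time challenge
        password to carry to it out of band. Only its hash is retained."""
        challenge = secrets.token_urlsafe(24)
        self._pending.append((_digest(challenge), device_id))
        return challenge

    def enroll(self, device_id: str, public_key: str, challenge: str):
        """Enrollment request as a machine would send it over the network.
        Returns a certificate, or None when the challenge is rejected."""
        want = _digest(challenge)
        for i, (have, bound_id) in enumerate(self._pending):
            if hmac.compare_digest(want, have):
                if bound_id != device_id:
                    return None          # challenge is bound to a different device
                del self._pending[i]     # one-time use: consumed on success
                return self._issue(device_id, public_key)
        return None                      # unknown, already used, or forged challenge

    def _issue(self, device_id: str, public_key: str):
        self._serial += 1
        body = {"serial": self._serial, "subject": device_id, "public_key": public_key}
        payload = json.dumps(body, sort_keys=True).encode()
        return {"body": body, "sig": hmac.new(self._ca_key, payload, "sha256").hexdigest()}

    def verify(self, cert) -> bool:
        """What a communication server does before trusting a peer's certificate."""
        payload = json.dumps(cert["body"], sort_keys=True).encode()
        expected = hmac.new(self._ca_key, payload, "sha256").hexdigest()
        return hmac.compare_digest(expected, cert["sig"])


class SharedPasswordCA(ToyCA):
    """The weaker scheme from the text: one password for every machine.
    Any request carrying it is accepted, for any device id, any number of times."""

    def __init__(self, shared_password: str):
        super().__init__()
        self._shared = _digest(shared_password)

    def enroll(self, device_id: str, public_key: str, challenge: str):
        if hmac.compare_digest(_digest(challenge), self._shared):
            return self._issue(device_id, public_key)
        return None


def demo() -> dict:
    """Runs both schemes on constructed inputs and reports what each accepted."""
    ca = ToyCA()
    c1 = ca.pre_register("egm-0001")
    good = ca.enroll("egm-0001", "PUBKEY-egm-0001", c1)          # accepted
    replay = ca.enroll("egm-0001", "PUBKEY-second-try", c1)      # rejected: consumed
    c2 = ca.pre_register("egm-0002")
    misuse = ca.enroll("egm-9999", "PUBKEY-unregistered", c2)    # rejected: wrong device
    shared = SharedPasswordCA("floor-password")
    unregistered = shared.enroll("egm-9999", "PUBKEY-unregistered", "floor-password")
    return {
        "per_device_ok": good is not None and ca.verify(good),
        "replay_rejected": replay is None,
        "wrong_device_rejected": misuse is None,
        "pending_left": len(ca._pending),
        # one leaked shared password enrolls a machine the CA never registered
        "shared_accepts_any_device": unregistered is not None and shared.verify(unregistered),
    }


if __name__ == "__main__":
    print(demo())
```

The per-device model limits the blast radius of a leaked password to one machine and one enrollment, and the CA stores only hashes of pending challenges; the shared-password model accepts the same secret for any device identifier, which is the failure mode the text warns about.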
However, the fact remains that in order to implement SSL in a network, communicating end points that want to benefit from SSL need to have certificates. For example, certificates are used by end points (e.g., a gaming machine and a communication server) to authenticate each other, that is, to perform a "handshake." Only after this is done can an SSL or TLS channel be established, after which a session key, for example, may be exchanged between the two end points for further routine game-related communication.